Apply on Employer Site

Eden Prescott · 1 month ago

Principal Application Security Engineer

United States

Full-time

Remote

Lead/Staff

$175K/yr - $275K/yr

Eden Prescott is a company focused on developing a next-generation crypto platform. They are seeking a Principal Application Security Engineer to build and scale the security program while defining the security architecture for various components including wallet infrastructure and smart contract tooling.

Staffing & Recruiting

Responsibilities

Serve as the principal AppSec authority across engineering, advising on secure design, threat modeling, and code-level risks for crypto products, wallet services, internal tools, and external APIs

Build crypto-aware secure development frameworks (secure key handling, signature generation flows, transaction validation, secure RPC usage, wallet UX hardening, etc.) and embed them into engineering workflows

Design and implement security controls in CI/CD and the software supply chain, including signing pipelines, dependency governance, artifact integrity, and protections against tampering or dependency attacks

Partner closely with engineering leadership and founders to lead the design and implementation of secure application and cloud practices

Lead application security reviews across backend services, client applications, wallets, smart contract SDKs, and internal developer platforms

Develop tooling and automation to continuously detect vulnerabilities across codebases, libraries, node infrastructure, and integrations with external chains

Own and evolve AppSec incident response, covering vulnerabilities, transaction-layer anomalies, suspicious on-chain patterns, and key-management-related issues

Establish and lead a security champions program, mentoring engineers to embed a culture of proactive security ownership in a fast-moving crypto environment

Qualification

Application SecuritySecure Development FrameworksCI/CD Security ControlsSDLC ExpertiseModern Application StacksCross-Functional Security InitiativesSupply Chain RisksBuilder's MindsetClear Communication

Required

Strong expertise across the full SDLC, including secure design, code analysis, threat modeling, dependency hygiene, and deployment best practices

Deep technical experience debugging and securing modern application stacks (e.g., Node.js, Go, Rust, Python, TypeScript), with the ability to dive into code and understand vulnerabilities in depth

Experience leading cross-functional security initiatives in fast-moving, engineering-heavy environments — ideally at high-growth startups or fintech/crypto platforms

Strong understanding of modern supply chain risks, including package ecosystem threats, code signing, dependency manipulation, build pipeline integrity, and artifact verification

Clear, concise communication skills, able to influence founders, engineering leaders, and cross-functional partners with strategic clarity and pragmatic execution

A builder's mindset — comfortable operating in ambiguity, setting foundations from scratch, and empowering developers to ship secure, high-impact features quickly